Malware analysts in the U.S. say there are fewer infections caused by porn-surfing bosses than two years ago, but more executives clicking on phishing links and infecting networks.


ThreatTrack Security wanted to know how the challenges facing malware analysts dealing with cyber threats have evolved in the past two years. So the company had Opinion Matters conduct an independent blind survey of 207 security professionals dealing with malware analysis in the U.S. While the findings are not all sunshine and chocolate, only 11% said they investigated a data breach that was not disclosed to customers, compared to 57% who said the same back in 2013. Another piece of good news: fewer security analysts need to purge malware as a result of a member of the company's senior leadership visiting a porn site. In 2013, 40% of malware infections came from porn-surfing corporate bosses, compared to 26% in 2015.

Senior executives, however, are clicking on phishing links more often: 59% of respondents said an executive's click on a phishing link led to a malware infection, compared to 56% in 2013. The flip side is that security pros are educating execs, as fewer (29%) end up with a malware infection after letting family members use a company-owned device; 45% of malware infections happened that way in 2013. Only about a third (33%) have ended up plugging in an infected USB drive or smartphone, whereas 46% did so in 2013.

The findings revealed that 35% of respondents said it has become more difficult to defend U.S. enterprises from cyberattacks, with 45% claiming nothing has changed.

Sixty-two percent of respondents said they would “personally guarantee” their customers that their data will be safe in 2016; 81% made the same promise in 2013. Seventy-one percent of respondents who worked at organizations with a CISO would extend that guarantee throughout 2016. Overall, corporations with a CSO or CISO are more confident in their ability to fight cybercrime. Forty-eight percent of organizations without a CISO also did not have a dedicated Incident Response Team or Security Operations Center to respond to cyberattacks.

Respondents said the most difficult technical challenges to defending their networks are the complexity of malware (56%), the volume of malware (47%), over-alerting by security systems, which amounts to being spammed by one's own tools (35%), and an inability to correlate data or threat intelligence with specific attacks (24%).

Thirty-four percent blamed inadequate budgets for being the most difficult aspect of defending against advanced malware, but 37% cited the lack of skilled personnel. ThreatTrack reported that “other areas of concern were ‘lack of control or management’ of security tools such as antivirus and firewalls (21%); ‘overreliance on industry compliance standards and/or government regulations to guide security strategy’ (20%); conflict with the IT department (16%) or the office of the CIO (14%); and lack of influence over cybersecurity purchase decisions (12%).”

How long does it take to analyze malware?

Over half (53%) of analysts reported that it takes more than two hours to analyze a new malware sample. Five percent boasted that they could analyze one in less than an hour. Despite the fact that a standalone malware analysis sandbox can analyze malicious code in mere minutes, only 17% of analysts rely on one as their primary tool. Forty-five percent rely on an "integrated malware analysis feature within existing defenses," and 21% turn to a disparate "mix of specialized tools."

Too many organizations still need to refine their malware-fighting strategies, which is evident from the very modest gains over the last two years in their readiness to fight cybercrime. Although security analysts say they have the tools they need, it's clear malware analysis remains too slow and, as such, increases the risk of infection and breach.